add explicit_bzero to libc. implementation subject to change, but start

the ball rolling. ok deraadt.
10 years ago · 2beb8f104d
--- a/src/include/string.h
+++ b/src/include/string.h
@ -1,4 +1,4 @@
 /*	$OpenBSD: string.h,v 1.26 2013/05/13 10:37:02 ajacoutot Exp $	*/
 /*	$OpenBSD: string.h,v 1.27 2014/01/22 21:06:45 tedu Exp $	*/
 /*	$NetBSD: string.h,v 1.6 1994/10/26 00:56:30 cgd Exp $	*/
 /*-
@ -126,6 +126,8 @@ char	*strsignal(int);
 #endif
 #if __BSD_VISIBLE
 void	 explicit_bzero(void *, size_t)
 		__attribute__ ((__bounded__(__buffer__,1,2)));
 void	*memmem(const void *, size_t, const void *, size_t);
 void	*memrchr(const void *, int, size_t);
 char	*strcasestr(const char *, const char *);
--- a/src/lib/libc/string/Makefile.inc
+++ b/src/lib/libc/string/Makefile.inc
@ -1,9 +1,9 @@
 #	$OpenBSD: Makefile.inc,v 1.32 2013/12/19 20:52:37 millert Exp $
 #	$OpenBSD: Makefile.inc,v 1.33 2014/01/22 21:06:45 tedu Exp $
 # string sources
 .PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string
 SRCS+=	bm.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
 SRCS+=	bm.c explicit_bzero.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \
 	strcasecmp.c strcasestr.c strcoll.c strdup.c \
 	strerror.c strerror_r.c strlcat.c strmode.c strndup.c strnlen.c \
 	strsignal.c strtok.c strxfrm.c \
@ -155,6 +155,7 @@ MAN+=	bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 memccpy.3 memchr.3 \
 	wmemset.3
 MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3
 MLINKS+=bzero.3 explicit_bzero.3
 MLINKS+=memchr.3 memrchr.3
 MLINKS+=stpcpy.3 stpncpy.3
 MLINKS+=strchr.3 index.3
--- a/src/lib/libc/string/bzero.3
+++ b/src/lib/libc/string/bzero.3
@ -27,9 +27,9 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\"	$OpenBSD: bzero.3,v 1.9 2013/06/05 03:39:23 tedu Exp $
 .\"	$OpenBSD: bzero.3,v 1.10 2014/01/22 21:06:45 tedu Exp $
 .\"
 .Dd $Mdocdate: June 5 2013 $
 .Dd $Mdocdate: January 22 2014 $
 .Dt BZERO 3
 .Os
 .Sh NAME
@ -39,6 +39,8 @@
 .In string.h
 .Ft void
 .Fn bzero "void *b" "size_t len"
 .Ft void
 .Fn explicit_bzero "void *b" "size_t len"
 .Sh DESCRIPTION
 The
 .Fn bzero
@ -51,6 +53,12 @@ If
 is zero,
 .Fn bzero
 does nothing.
 .Pp
 The
 .Fn explicit_bzero
 variant behaves the same, but will not be removed by a compiler's dead store
 optimization pass, making it useful for clearing sensitive memory such as a
 password.
 .Sh SEE ALSO
 .Xr memset 3 ,
 .Xr swab 3
@ -59,3 +67,7 @@ The
 .Fn bzero
 function first appeared in
 .Bx 4.2 .
 The
 .Fn explicit_bzero
 function first appeared in
 .Ox 5.5 .
--- a/src/lib/libc/string/explicit_bzero.c
+++ b/src/lib/libc/string/explicit_bzero.c
@ -0,0 +1,20 @@
 /*	$OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
 /*
 * Public domain.
 * Written by Ted Unangst
 */
 #if !defined(_KERNEL) && !defined(_STANDALONE)
 #include <string.h>
 #else
 #include <lib/libkern/libkern.h>
 #endif
 /*
 * explicit_bzero - don't let the compiler optimize away bzero
 */
 void
 explicit_bzero(void *p, size_t n)
 {
 	bzero(p, n);
 }